1. Technical Field
The invention relates to user authentication and access control in a wireless access system.
2. Background Art
A device generally called a [wireless LAN switch] is given as a device having a control function of a wireless LAN (Local Area Network) access point and a LAN frame switching function.
FIG. 17 shows an example of an architecture of a communication system to which the wireless LAN switch is applied. In FIG. 17, the wireless LAN switch accommodates a plurality of wireless LAN access points. Further, the wireless LAN switch is connected via a router or a switch to an authentication server (Radius (Remote Authentication Dial-In User Service) server), a DHCP (Dynamic Host Configuration Protocol) server and an SIP (Session Initiation Protocol) server. Further, the wireless LAN switch is connected to the Internet via the router or the switch and equipment of a common carrier.
The wireless LAN switch has a function of managing the plurality of wireless LAN access points. The management function includes a function of managing the authentication of a user trying to connect to a network by use of one of the wireless LAN access points in an integrated fashion. The wireless LAN switch, in the case of receiving a connection request from the user, performs the user authentication in communication linkage with the authentication server. When the user authentication gets successful, the wireless LAN switch leases, from the DHCP server, an IP (Internet Protocol) address that should be used by the user. Once the IP address is assigned to the user, the communications can be performed via the wireless LAN switch. Further, for example, if the user desires to use an IP telephone, the user performs the communications with the SIP server via the wireless LAN switch, thus establishing an IP telephone call on the Internet.
The wireless LAN switch is installed in an enterprise network for the purpose of providing staff members of an enterprise with an access service to the Internet and the Intranet, and manages a plurality of wireless LAN access points installed within the enterprise. The staff member of the enterprise can utilize the Internet and the Intranet via the wireless LAN switch by connecting a wireless LAN terminal to one of the wireless LAN access points.
As described above, the wireless LAN switch is installed for providing the staff members of the enterprise with usage environments of the Internet and the Intranet. Therefore, it is not assumed to provide the usage environments of the Internet and the Intranet with respect to accesses from persons (such as staff members of other enterprises and customers of the enterprises) other than the staff members of the enterprise concerned.
Over the recent years, in the services provided by the common carriers, there have arisen needs for employing the wireless LAN switch. One of the services is a mobile centrex service. In the mobile centrex service, the wireless LAN access points are installed within the enterprise, and extensions are actualized by the wireless IP telephony. One other service is an FMC (Fixed Mobile Convergence) service. The FMC service is a service in which fixed communications are merged with mobile communications. In the FMC service, the wireless LAN is placed as one of access lines, and a network of the common carrier accommodates a wireless LAN in the enterprise, a public wireless LAN and a wireless LAN in a home.
The following technologies described in the following documents are given as the prior arts related to the invention.
[Patent document 1] Japanese Patent Application Laid-Open Publication No. 2004-172782
[Patent document 2] Japanese Patent Application Laid-Open Publication No. 2004-179882